mirror of
https://github.com/Froxlor/Froxlor.git
synced 2024-09-21 10:27:29 +00:00
never allow {{ }} in user-input
This commit is contained in:
parent
c07ff16274
commit
1a5680d2a8
@ -101,6 +101,9 @@ class Request
|
||||
unset($value);
|
||||
|
||||
$antiXss = new AntiXSS();
|
||||
$antiXss->addNeverAllowedRegex([
|
||||
'{{(.*)}}' => ''
|
||||
]);
|
||||
|
||||
// check $_GET
|
||||
PhpHelper::cleanGlobal($_GET, $antiXss);
|
||||
|
Loading…
Reference in New Issue
Block a user